PlzNavigate: Do not disclose urls between cross-origin renderers.

content/browser/frame_host/render_frame_host_impl.h

Index: content/browser/frame_host/render_frame_host_impl.h
diff --git a/content/browser/frame_host/render_frame_host_impl.h b/content/browser/frame_host/render_frame_host_impl.h
index 748567856514dce3ac0c095a1403bfc4af6b2f7d..97950900c7a76ddcd16f793ba95a2aef5fe5d339 100644
--- a/content/browser/frame_host/render_frame_host_impl.h
+++ b/content/browser/frame_host/render_frame_host_impl.h
@@ -218,6 +218,11 @@ class CONTENT_EXPORT RenderFrameHostImpl
   void ReportContentSecurityPolicyViolation(
       const CSPViolationParams& violation_params) override;
   bool SchemeShouldBypassCSP(const base::StringPiece& scheme) override;
+  void SanitizeDataForUseInCspViolation(
+      GURL* blocked_url,

[alexmos, 2017/05/16 05:56:49]

nit: reorder params so that inputs come before outputs.

[arthursonzogni, 2017/05/16 12:48:44]

Done.

+      SourceLocation* source_location,
+      bool is_redirect,
+      CSPDirective::Name directive) const override;
 
   // Creates a RenderFrame in the renderer process.
   bool CreateRenderFrame(int proxy_routing_id,